New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SUBMARINE-597. Support for SSH based git sync mode #391
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hi, @manirajv06 There are 2 problems with this PR:
- We need to explain what this PR contains in the description of SUBMARINE-597 and PR.
- In the paragraph
What is this PR for?
is not put a link to SUBMARINE-597, it should be the content of SUBMARINE-597.
@wangdatan @tangzhankun Can you please take a look? We will need to add the documentation to describe the steps to create secrets as prerequisite step. Please refer https://github.com/kubernetes/git-sync/blob/master/docs/ssh.md for more details. For example,
ssh-keyscan github.com > /tmp/known_hosts
kubectl --kubeconfig /Users/mani/.kube/kind-config-kind create secret generic git-creds --from-file=ssh=/Users/mani/.ssh/id_rsa --from-file=known_hosts=/tmp/known_hosts |
@liuxunorg Taken care |
64eb1da
to
745d135
Compare
I helped you update the content of the PR. Please pay attention to my changes. |
@manirajv06 I have two question:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @manirajv06 for the work. I left some questions inline.
...ava/org/apache/submarine/server/submitter/k8s/experiment/codelocalizer/GitCodeLocalizer.java
Outdated
Show resolved
Hide resolved
.../org/apache/submarine/server/submitter/k8s/experiment/codelocalizer/SSHGitCodeLocalizer.java
Outdated
Show resolved
Hide resolved
.../org/apache/submarine/server/submitter/k8s/experiment/codelocalizer/SSHGitCodeLocalizer.java
Outdated
Show resolved
Hide resolved
|
||
List<V1VolumeMount> initContainerVolumeMounts = | ||
podSpec.getInitContainers().get(0).getVolumeMounts(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why get the first item?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are 2 init containers. 1. for git sync process and 2. for environment setup. 0th init container has been created for git code sync process. As part of git sync, it is required to get some properties of corresponding init container and set the same in pod spec level as well. Hence, this step.
Source code available at git hub repos can be pulled into /code destination directory in k8 container using ssh based access. Earlier, we had support for "http" based access and now for "ssh" based access.
I don't have screenshots. It pulls the code from git hub repos and place it in /code destination directory. |
Thanks. |
70895eb
to
88d3f77
Compare
@manirajv06 I have a question:
Maybe you need to create a new jira to support this new feature. Can you raise this question at the next community meeting, can we discuss it together? |
Yes, this requires sharing private key info. Ideally, we will need to get this info through Web UI to create the secrets in K8s and use it while creating init containers. May be I can write a design doc and run it through with others. This requires co-ordination with folks working on UI. cc @tangzhankun @wangdatan For now, secrets can be created through k8 commands. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@manirajv06 Thank you for contribution this featue.
LGTM
What is this PR for?
Clone the source code from git repository using SSH based access. /code dir is the location to store the source code. SSH based access requires SSH host private key and known hosts to be passed through /etc/secret to K8 git sync init container process.
What type of PR is it?
Improvement
Todos
How should this be tested?
Screenshots (if appropriate)
Questions: